You would probably need to check the precedence of the rules. Routing based
on fwmark may need to come ahead of the one that routes the packet to T2.
Have not used it myself. This is logic and not experience. If this is wrong,
forgive me for I know not.
Mohan
-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] On Behalf Of Thompson, Peter
Sent: 13 September 2002 14:23
To: 'lartc@mailman.ds9a.nl'
Subject: [LARTC] iproute and marking packets.
I have browsed the archives and not found anything to answer my problem so
here goes :-)
My internal network is on 10.0.0.0/16.
My eth0 has 10.1.0.13; this address is NAT'ed at a Cisco router which is
10.1.0.21.
My eth1 has 217.41.191.35, and this is connected straight into the back of an
ADSL modem; the IP address of this is 217.41.191.38.
The default gateway of this machine is the ADSL router.
I have recompiled the kernel with the routing/packet marking options needed.
I have the machine talking to the net and replying via both interfaces. This
is my script so far...
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
ip route add default via 217.41.191.38 table T1
ip route add default via 10.1.0.21 table T2
# adds rules from the tables i guess.
ip rule add from 217.41.191.35 table T1
ip rule add from 10.1.0.13 table T2
#need this to see other internal machines...
route add -net 10.0.0.0/8 gw 10.1.0.21 dev eth0
This bit works fine.
What I want to do is mark SMTP packets and send them via my 10.1.0.21
gateway.
#iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 1
#iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 1
#tried both methods here.. both result in failure...
#ip ro add default dev eth0 table 10
#ip route add default via 10.1.0.21 dev eth0 table 10
#ip ru add fwmark 1 table 10
I've checked to see if the counters increment and they do, so the marking is
working fine, just not the routing.
When I try to telnet to port 25 of anything I get a "no route to host", and
nothing appears in tcpdump.
If I remove the ip ru add fwmark 1, I can then telnet to port 25 of anything
again, but via the ADSL link...
I am using iptables 1.2.7a and kernel 2.4.18 on a SuSE 8 box.
Anyone any ideas?
Thanks in advance.
Pete Thompson
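Mohan's suggestion above is to check the precedence of the rules. The following is an added example, mine rather than either poster's: the same rule set written with explicit preference numbers so the fwmark rule is evaluated before the two source-address rules, plus a small awk check that reads the output of ip rule show and confirms that ordering. The addresses, table names (T1, T2, 10) and mark value are taken from Pete's script; the preference values 100/200/201 and the two rule listings are assumptions constructed for this example, not captured from his box.

```shell
# Added example, not from the thread: give the policy-routing rules explicit
# preferences so the fwmark rule is consulted before the source-address
# rules, and check that ordering in `ip rule show` output. Addresses, table
# names (T1, T2, 10) and the mark value are Pete's; the preference numbers
# 100/200/201 are an assumption of this example.

# Emit the route and rule commands with explicit preferences (a lower pref
# is evaluated first). Printed rather than executed so they can be reviewed
# and then piped to sh as root.
policy_rules() {
    cat <<'EOF'
ip route add default via 10.1.0.21 dev eth0 table 10
ip rule add pref 100 fwmark 1 table 10
ip rule add pref 200 from 217.41.191.35 table T1
ip rule add pref 201 from 10.1.0.13 table T2
EOF
}

# rule_order_ok "<ip rule show output>": succeed only if every fwmark rule
# has a lower preference number than every rule with a specific `from <addr>`
# selector. `from all` lines carry no source selector and are skipped; a
# listing without any fwmark rule fails the check.
rule_order_ok() {
    printf '%s\n' "$1" | awk '
        # $1 is "NNN:"; adding 0 drops the colon and yields the preference.
        $2 == "from" && $3 != "all" {
            if (min_from == "" || $1 + 0 < min_from) min_from = $1 + 0
        }
        /fwmark/ {
            if ($1 + 0 > max_mark) max_mark = $1 + 0
            seen_mark = 1
        }
        END {
            if (!seen_mark) exit 1
            if (min_from == "") exit 0
            if (max_mark < min_from) exit 0
            exit 1
        }'
}

# Constructed `ip rule show` listings (not captured from Pete's machine).
# In the first, the fwmark rule sits behind the from rules: a packet whose
# source is 217.41.191.35 is routed by T1 and the mark is never consulted.
# In the second, explicit preferences put the mark rule first.
SHADOWED_RULES='0:      from all lookup local
32763:  from 217.41.191.35 lookup T1
32764:  from 10.1.0.13 lookup T2
32765:  from all fwmark 0x1 lookup 10
32766:  from all lookup main
32767:  from all lookup default'

ORDERED_RULES='0:      from all lookup local
100:    from all fwmark 0x1 lookup 10
200:    from 217.41.191.35 lookup T1
201:    from 10.1.0.13 lookup T2
32766:  from all lookup main
32767:  from all lookup default'

policy_rules
for listing in "$SHADOWED_RULES" "$ORDERED_RULES"; do
    if rule_order_ok "$listing"; then
        echo "ok: fwmark rule precedes every from rule"
    else
        echo "problem: a from rule precedes the fwmark rule"
    fi
done
```

On a live box the same check is run against the real table with rule_order_ok "$(ip rule show)"; the preference numbers themselves are not special, only their relative order matters for which rule the kernel consults first.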
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/